YunoHost-Apps/headscale_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/headscale_ynh.git synced 2024-09-03 19:25:53 +02:00
Code Issues Activity Actions

Initial debugging

Browse source
This commit is contained in:
tituspijean 2023-06-10 22:45:25 +02:00
parent 703c468939
commit 0c9b52630c
No known key found for this signature in database
GPG key ID: EF3B0D7CC0A94720
4 changed files with 5 additions and 147 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

137
.github/workflows/updater.sh vendored
View file

@ -1,137 +0,0 @@
#!/bin/bash
#=================================================
# PACKAGE UPDATING HELPER
#=================================================
# This script is meant to be run by GitHub Actions
# The YunoHost-Apps organisation offers a template Action to run this script periodically
# Since each app is different, maintainers can adapt its contents so as to perform
# automatic actions when a new upstream release is detected.
# Remove this exit command when you are ready to run this Action
exit 1
#=================================================
# FETCHING LATEST RELEASE AND ITS ASSETS
#=================================================
# Fetching information
current_version=$(cat manifest.json | jq -j '.version|split("~")[0]')
repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]')
# Some jq magic is needed, because the latest upstream release is not always the latest version (e.g. security patches for older versions)
version=$(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '.[] | select( .prerelease != true ) | .tag_name' | sort -V | tail -1)
assets=($(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '[ .[] | select(.tag_name=="'$version'").assets[].browser_download_url ] | join(" ") | @sh' | tr -d "'"))
# Later down the script, we assume the version has only digits and dots
# Sometimes the release name starts with a "v", so let's filter it out.
# You may need more tweaks here if the upstream repository has different naming conventions.
if [[ ${version:0:1} == "v" || ${version:0:1} == "V" ]]; then
version=${version:1}
fi
# Setting up the environment variables
echo "Current version: $current_version"
echo "Latest release from upstream: $version"
echo "VERSION=$version" >> $GITHUB_ENV
echo "REPO=$repo" >> $GITHUB_ENV
# For the time being, let's assume the script will fail
echo "PROCEED=false" >> $GITHUB_ENV
# Proceed only if the retrieved version is greater than the current one
if ! dpkg --compare-versions "$current_version" "lt" "$version" ; then
echo "::warning ::No new version available"
exit 0
# Proceed only if a PR for this new version does not already exist
elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.git ci-auto-update-v$version ; then
echo "::warning ::A branch already exists for this update"
exit 0
fi
# Each release can hold multiple assets (e.g. binaries for different architectures, source code, etc.)
echo "${#assets[@]} available asset(s)"
#=================================================
# UPDATE SOURCE FILES
#=================================================
# Here we use the $assets variable to get the resources published in the upstream release.
# Here is an example for Grav, it has to be adapted in accordance with how the upstream releases look like.
# Let's loop over the array of assets URLs
for asset_url in ${assets[@]}; do
echo "Handling asset at $asset_url"
# Assign the asset to a source file in conf/ directory
# Here we base the source file name upon a unique keyword in the assets url (admin vs. update)
# Leave $src empty to ignore the asset
case $asset_url in
*"admin"*)
src="app"
;;
*"update"*)
src="app-upgrade"
;;
*)
src=""
;;
esac
# If $src is not empty, let's process the asset
if [ ! -z "$src" ]; then
# Create the temporary directory
tempdir="$(mktemp -d)"
# Download sources and calculate checksum
filename=${asset_url##*/}
curl --silent -4 -L $asset_url -o "$tempdir/$filename"
checksum=$(sha256sum "$tempdir/$filename" | head -c 64)
# Delete temporary directory
rm -rf $tempdir
# Get extension
if [[ $filename == *.tar.gz ]]; then
extension=tar.gz
else
extension=${filename##*.}
fi
# Rewrite source file
cat <<EOT > conf/$src.src
SOURCE_URL=$asset_url
SOURCE_SUM=$checksum
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=$extension
SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=
EOT
echo "... conf/$src.src updated"
else
echo "... asset ignored"
fi
done
#=================================================
# SPECIFIC UPDATE STEPS
#=================================================
# Any action on the app's source code can be done.
# The GitHub Action workflow takes care of committing all changes after this script ends.
#=================================================
# GENERIC FINALIZATION
#=================================================
# Replace new version in manifest
echo "$(jq -s --indent 4 ".[] | .version = \"$version~ynh1\"" manifest.json)" > manifest.json
# No need to update the README, yunohost-bot takes care of it
# The Action will proceed only if the PROCEED environment variable is set to true
echo "PROCEED=true" >> $GITHUB_ENV
exit 0

4
conf/config.yaml
View file

@ -249,7 +249,7 @@ dns_config:
# Unix socket used for the CLI to connect without authentication # Unix socket used for the CLI to connect without authentication
# Note: for production you will want to set this to something like: # Note: for production you will want to set this to something like:
unix_socket: /var/run/__APP__.sock unix_socket: ./headscale.sock
unix_socket_permission: "0770" unix_socket_permission: "0770"
# #
# headscale supports experimental OpenID connect support, # headscale supports experimental OpenID connect support,
@ -281,7 +281,7 @@ oidc:
# # Customize the scopes used in the OIDC flow, defaults to "openid", "profile" and "email" and add custom query # # Customize the scopes used in the OIDC flow, defaults to "openid", "profile" and "email" and add custom query
# # parameters to the Authorize Endpoint request. Scopes default to "openid", "profile" and "email". # # parameters to the Authorize Endpoint request. Scopes default to "openid", "profile" and "email".
# #
scope: ["openid", "profile", "email", "custom"] scope: ["openid", "profile", "email"]
extra_params: extra_params:
domain_hint: __DOMAIN__ domain_hint: __DOMAIN__
# #

4
scripts/install
View file

@ -14,7 +14,7 @@ source /usr/share/yunohost/helpers
#================================================= #=================================================
ynh_script_progression --message="Installing Dex..." --weight=1 ynh_script_progression --message="Installing Dex..." --weight=1
oidc_secret="$(echo $(ynh_string_random --length=64 --filter='A-F0-9'))" oidc_secret="$(echo $(ynh_string_random --length=32 --filter='A-F0-9'))"
oidc_name="$app" oidc_name="$app"
oidc_callback="$domain/oidc/callback" oidc_callback="$domain/oidc/callback"
@ -70,7 +70,7 @@ ynh_script_progression --message="Adding a configuration file..." --weight=1
ynh_add_config --template="config.yaml" --destination="$install_dir/config.yaml" ynh_add_config --template="config.yaml" --destination="$install_dir/config.yaml"
chmod 400 "$install_dir/config.yaml" chmod 600 "$install_dir/config.yaml"
chown $app:$app "$install_dir/config.yaml" chown $app:$app "$install_dir/config.yaml"
#================================================= #=================================================

7
scripts/upgrade
View file

@ -47,12 +47,7 @@ ynh_add_nginx_config
#================================================= #=================================================
# UPDATE A CONFIG FILE # UPDATE A CONFIG FILE
#================================================= #=================================================
ynh_script_progression --message="Updating a configuration file..." --weight=1 # We do not alter the configuration file since admins are encouraged to fine-tune it.
ynh_add_config --template="config.yaml" --destination="$install_dir/config.yaml"
chmod 400 "$install_dir/config.yaml"
chown $app:$app "$install_dir/config.yaml"
#================================================= #=================================================
# SETUP SYSTEMD # SETUP SYSTEMD